Today, April 23, 2025, the European Commission has shown some teeth with the EU’s digital rulebook by slamming tech giants Apple and Meta with admittedly low fines.
The penalties of €500 million and €200 million each were imposed for breaching the Digital Markets Act (DMA) and were complemented by an order to the companies to stop the infringing behaviour.
The fine on Meta was levied for their ‘Pay or Consent’/’Pay or Okay’ model which forces people to either pay for their right to privacy or consent to extensive commercial surveillance on their platforms, including Facebook and Instagram. Disappointingly, the Commission has not taken a final decision on the ‘alternative’ Meta proposed to their Pay or Consent model, which allegedly offers an option with ‘less personalised ads’ but still tracks people’s data and forces them into using the personalised model.
Apple was fined for their restrictive app store rules which prevent app developers from freely informing their users about alternative offers and content. The Commission has also issued preliminary findings confirming that Apple makes it unduly difficult for people to use alternative app distribution channels on iOS, such as by charging unnecessary and disproportionate fees.
DMA and similar laws are crucial for putting people’s rights before corporate profits
These long-awaited non-compliance decisions follow a year-long investigation into both Apple and Meta’s practices. They mark the first penalties under the DMA, which came into force in 2024, and challenges the stronghold of Big Tech platforms exerting too much power over our rights and over the flow of information in society.
While we commend the strong stance taken by the Commission in backing EU’s digital laws, we are concerned about the low fines – a pittance for Big Tech companies like Meta and Apple as revealed by a recent investigation. Both companies also have a history of playing compliance games with regulators, treating it as a mere box-checking exercise.
Today’s decision makes the power of EU’s digital rulebook evident, even if the actual enforcement should be stronger with more significant fines. Through their practices, Apple and Meta are making is nearly impossible for people to control their own digital lives, all for the sake of corporate profits. This is exactly why laws like the DSA, DMA and GDPR were designed to deter. These laws have great potential to address the dominance of tech giants and the consequences on our democracy and fundamental rights.
Commission declares Meta’s Pay or Okay model unlawful, no final decision on new ‘alternative’
In a praiseworthy move, the Commission has declared Meta’s binary ‘Pay or Okay’ model – introduced in 2023 – unlawful. This forced consent model is the very embodiment of surveillance ad-based business tactics that coerce people to choose between paying for access or giving up their privacy. If this model spreads, it will lead to serious digital harms and weaken fundamental rights.
Meta, in the meantime, had already rolled out a new version of ‘Pay or Okay’ in November 2024, in which people who do not consent to personalised ads, see less of them.
Unfortunately, the Commission has not yet decided about the legality of this alternative option despite the fact that it is still not DMA or General Data Protection Regulation (GDPR) compliant, and still does not offer a meaningful choice to people. It smells of compliance-washing at play, as it will still force the user into ultimately accepting surveillance advertising or settling for a far-worse online experience with many interruptive ad-breaks.
“Meta’s so-called “third option” with less personalised ads is not a meaningful alternative – it’s a tactical redesign meant to deflect scrutiny. Users are still forced to choose between paying or being tracked, and those who refuse tracking are punished with a degraded experience. That’s not consent, and it’s not compliance.” – Itxaso Domínguez de Olazábal, Policy Advisor, EDRi
Apple’s app store rules disregard rules and best interests of consumers
According to the DMA, app developers must be able to, free of charge, inform their users of purchasing options independent of the gatekeeper, steer them to those offers and allow them to make purchases there. Likewise, developers must be free to enable their users to get their apps through other channels than Apple’s gatekeeper App Store (e.g. third party app stores or through websites), without depending on the gatekeeper’s approval or control. Apple does not allow for this, thus breaching the DMA.
Since the DMA’s entry into force, Apple has shown a blatant disregard for the letter and spirit of that regulation, and for the best interests of its own customers. Apparently, Apple is so afraid that other providers might offer a better product, that it needs to prevent them from reaching people at all costs. – Jan Penfrat, Senior Policy Advisor, EDRi
With artificial barriers and a deliberate lack of compatibility with non-Apple services, the company has a long history of obstructing people’s device and software freedoms, under the guise of digital security and privacy.
The Commission’s partly preliminary decisions on Apple today will empower both app developers and users to make use of and run software on the devices they own in the way that they see fit. We, as people using the devices, should have control over our devices instead of gatekeepers like Apple, who have a strong commercial incentive to lock users into their ecosystem of services.
What’s next?
Meta’s spokesperson has called today’s decision an attempt by the European Commission “to handicap successful American businesses while allowing Chinese and European companies to operate under different standards.” We are concerned that the company representatives have chosen to tag-team along with the Trump administration to try to force the EU to back down from enforcing its laws that protect human rights from Big Tech corporations’ voracious, profit-driven motives. Their words belay their intentions to not meaningfully engage in compliance efforts.
We also urge the European Commission to see past Meta’s attempts at bypassing regulators with their so-called ‘alternative’, which still violates the DMA and the GDPR. The Commission treating this as lawful risks turning privacy into a luxury.
The Commission should also confirm its own preliminary findings regarding Apple’s App Store and acknowledge that the gatekeeper’s Core Technology Fee and forced notarisation process is in breach of the DMA.
